go to bug id or search bugs for
<input type="file" name="files" multiple webkitdirectory>
This allows the user to select a directory and have all its files uploaded, also from all subdirectories. In Firefox, the POST request correctly contains the relative paths of all uploaded files. In PHP, the paths are removed and only the file names are available.
Actual value: 'file.png'
Expected value: 'sub/dir/file.png'
This makes the entire directory uploading feature unusable because the structure gets lost and file names may even become duplicate and useless.
Note, I have searches for "upload webkitdirectory" but only got tons of unrelated results, so I might have missed a real duplicate. Please improve your search if you want to avoid duplicates.
Add a Patch
Add a Pull Request
Hmm, the webkitdirectory attribute is part of the “File and
Directory Entries API” which is a very recent *draft*, so I
wouldn't assess non-compliance with this feature a bug in PHP per
Anyhow, the relevant code that causes this behavior is due to a
quirk of IE, namely that even recent versions of IE 11 allow to
“Include local directory path when uploading files to a server”.
However, while the code originally just catered to backslashes
(like the comment still indicates), it has been replaced with a
more general _basename() which also caters to (forward)
slashes. So, at the very least, the comment is wrong.
There's no way PHP could know whether it should keep or remove any directory portion of the original filename, and there is far too much code out there that trusts the name to be a basename. The only method I see for this is to introduce another array entry for the whole path - the value submitted by the client, unchanged. Like "original_name" or something. That should be a relatively minor change for PHP and it shouldn't impact any existing code.
Browser support is a bit contradictory:
I wouldn't call the browser support contradictory. Every current desktop browser supports this feature for a few versions already. 95% of all desktop users should be able to use it today. IE is not current and about to die. The concept of uploading large amounts of files probably doesn't fit into mobile devices anyway so I don't consider it a problem when these platforms don't support it.
The thing is, the HTTP request does contain that information about the provided path. PHP just drops it. And when the PHP manual contains code examples that suggest applying `basename` on the file name, I was assuming that it isn't basename'd already and browsers may or may not send a path there and I must remove it when I don't need it (or my code isn't prepared to validate it). I might need to go down and parse the HTTP request myself in PHP to extract the required information.